package com.gitee.linzl;

import org.springframework.boot.Banner;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import de.codecentric.boot.admin.server.config.EnableAdminServer;

@SpringBootApplication
@EnableDiscoveryClient
@EnableAdminServer
public class SpringAdminServerBootstrap {
	public static void main(String[] args) {
		SpringApplicationBuilder builder = new SpringApplicationBuilder(SpringAdminServerBootstrap.class);
		builder.bannerMode(Banner.Mode.OFF);
		builder.run(args);
	}
	// https://codecentric.github.io/spring-boot-admin/2.0.0/#set-up-admin-server
	// @Bean 集群配置
	// public Config hazelcastConfig() {
	// MapConfig mapConfig = new
	// MapConfig("spring-boot-admin-event-store").setInMemoryFormat(InMemoryFormat.OBJECT)
	// .setBackupCount(1).setEvictionPolicy(EvictionPolicy.NONE);
	// return new Config().setProperty("hazelcast.jmx",
	// "true").addMapConfig(mapConfig);
	// }

	@Profile("insecure")
	@Configuration
	public static class SecurityPermitAllConfig extends WebSecurityConfigurerAdapter {
		@Override
		protected void configure(HttpSecurity http) throws Exception {
			http.authorizeRequests().anyRequest().permitAll().and().csrf().disable();
			// 端点检测,不需要认证
			// .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
			// .ignoringAntMatchers("/instances", "/actuator/**").disable();
		}
	}

	@Profile("secure")
	@Configuration
	public static class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
		private final String adminContextPath;

		public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
			this.adminContextPath = adminServerProperties.getContextPath();
		}

		@Override
		protected void configure(HttpSecurity http) throws Exception {
			// @formatter:off
			SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
			successHandler.setTargetUrlParameter("redirectTo");
			// 放开部分请求，如样式
			http.authorizeRequests().antMatchers(adminContextPath + "/assets/**").permitAll().antMatchers("hystrix/**")
					.permitAll().antMatchers(adminContextPath + "/login").permitAll().anyRequest().authenticated().and()
					.formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and().logout()
					.logoutUrl(adminContextPath + "/logout").and().httpBasic().and().csrf().disable();
			// 端点检测,不需要认证
			// .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
			// .ignoringAntMatchers("/instances", "/actuator/**").disable();
			// @formatter:on
		}
	}
}
